github.com/containers/buildah (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/containers/buildah, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2020-10696 — CVSS 8.8 (high): A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a…
CVE-2024-11218 — CVSS 8.6 (high): A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition…
CVE-2024-1753 — CVSS 8.6 (high): A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem…
CVE-2024-9675 — CVSS 7.8 (high): A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache…
CVE-2022-2990 — CVSS 7.1 (high): An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or…
CVE-2022-2995 — CVSS 7.1 (high): Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible…
CVE-2022-2989 — CVSS 7.1 (high): An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or…
CVE-2022-27651 — CVSS 6.8 (medium): A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker…
CVE-2021-3602 — CVSS 5.5 (medium): An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds…
CVE-2023-25173 — CVSS 5.3 (medium): containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary…
CVE-2022-36109 — CVSS 5.3 (medium): Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where…
CVE-2024-9407 — CVSS 4.7 (medium): A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the…